The Good, The Bad And The Ugly Of Bitcoin Security

It’s probably safe to assume that Bitcoin is here to stay. Yes, it’s a bit volatile and yes, other cryptocurrencies are a lot easier to mine and a lot cheaper to buy, but the ever-growing number of ways to spend bitcoins – plus the fact that it’s still around after being proclaimed dead numerous times over the past few years – is a testament to the resilience of the world’s most popular, and polarizing, cryptocurrency.

Thing is though, this doesn’t mean that you should blindly jump into Bitcoin. Aside from the high price of entry, a string of events over the past year has shown that while the Bitcoin protocol itself may be secure, the wallets and services used to store and exchange Bitcoin may not be.

Here’s a quick look into the security of the bitcoin protocol itself as well as some notable instances of large-scale bitcoin theft.

There are also hardware wallets, which store key information in offline hardware. The advantage of hardware wallets is in the fact that the key data is stored in a protected area of a microcontroller and that they are immune to software and viruses that can steal wallets stored on normal computers.

The bitcoins stored in hardware wallets can also be used directly, unlike paper wallets, which need to be keyed in or imported to software. Pi-Wallet is one of the few currently available hardware wallets. You can even build your own Pi-Wallet.

Silk Road 2.0

In February this year, $2.7 million worth of bitcoins were stolen from Silk Road 2.0’s escrow account. This heist occurred at roughly the same time as the aforementioned DoS attacks on bitcoin exchanges such as Mt. Gox, and exploited the same transaction malleability in the bitcoin protocol.

However, unlike the bitcoin exchanges, which shut themselves down as a precautionary measure, Silk Road 2.0 did not shut itself down and was attacked during a re-launch phase when all bitcoins were stored in hot storage.

51% Attack

This isn’t a security breach per se, but it is one of the bitcoin network’s most dangerous weaknesses. When an individual or a group of individuals owns more than 50% of the computing power within the bitcoin network, the network is opened up to the possibility of a 51% attack – the advantage in computing power can be used to fork the main transaction blockchain and commit fraud, including the double spending discussed earlier.

While this may seem far-fetched, the bitcoin network was nearly exposed to such an attack earlier this year. In January, panic spread when Ghash.io, a mining pool, began approaching that 50% limit. The situation was resolved without incident, due to miners leaving Ghash.io for smaller pools, as well as the pool’s own decision to stop accepting new miners.

While the reaction shows that the bitcoin network can self-regulate, having to rely on miners and pool owners doing the right thing is problematic, to say the least. The distribution of mining power has become less concentrated, but the possibility remains that a 51% attack can still happen.

The Future?

Interestingly enough, the fallout from Mt. Gox may just be good for bitcoin. In a joint statement issued by 5 leading bitcoin exchanges, the need for appropriate and independently audited safety measures for custodians, alongside more transparency and accountability, is brought up.

It’s conceivable that such measures are exactly what bitcoin needs if it wants to survive recent events and reestablish its credibility and security. Ironically however, these forms of regulation and auditing may end up going against the original spirit of bitcoin. How this paradox will resolve itself, though, remains to be seen.